Highlights 

  • CrowdStrike rolls out mission-ready agents to automate tasks across the full security lifecycle. 
  • Agents trained on elite SOC analysts’ knowledge to provide autonomous decision-making under defender oversight. 
  • New Falcon agents handle application creation, data onboarding, and exposure prioritization workflows. 

CrowdStrike (NASDAQ:CRWD) has broadened its Agentic Security Workforce by introducing additional mission-ready agents to the Falcon® platform. These new agents follow the initial rollout at Fal.Con 2025 and extend agentic automation to key Falcon platform functions, such as app creation and data onboarding. The expansion aims to improve workflow efficiency and allow analysts to focus on strategic security decisions.

George Kurtz, CEO and founder of CrowdStrike, commented: 
"If agents are expected to think, reason, and act like an expert analyst, they must be trained on expert experience, not legacy playbooks. That’s the difference between static automation and true intelligence – playbooks train automation, people train intelligence. CrowdStrike’s agents learn from the world’s best SOC operators, giving them the judgment to act autonomously and the discipline to stay under defender command." 

New and Updated Falcon Agents 

Delivered through Falcon platform modules, the Agentic Security Workforce combines existing agents trained on millions of Falcon® Complete SOC decisions with new agents that simplify tasks based on real-world usage. Unlike conventional automation platforms, CrowdStrike agents inherit human expert judgment, enabling autonomous decision-making and reasoning across large datasets. Key agent updates include: 

  • Foundry App Creation Agent (Falcon Foundry): Builds and deploys custom security applications without coding, using natural language input from analysts. 
  • Data Onboarding Agent (Falcon Next-Gen SIEM): Accelerates data onboarding by streamlining ingestion, configuration, validation, and troubleshooting processes. 
  • Updated Exposure Prioritization Agent (Falcon Exposure Management): Adds authenticated scanning and continuous visibility, prioritizing risk-based remediation via ExPRT.AI. 

Orchestration and Agentic SOC Integration 

The expanded agentic ecosystem also leverages Charlotte AI AgentWorks and Charlotte Agentic SOAR. AgentWorks allows organizations to build no-code, custom agents, while Charlotte Agentic SOAR serves as an orchestration layer enabling analysts to integrate Falcon, third-party, and custom agents, reason over shared datasets, and execute coordinated workflows. These tools aim to accelerate the agentic SOC across the entire security lifecycle. 

About CrowdStrike 

CrowdStrike (NASDAQ:CRWD) is a global cybersecurity firm providing cloud-native protection for endpoints and cloud workloads. Powered by the CrowdStrike Security Cloud and AI, the Falcon® platform delivers real-time attack detection, automated protection and remediation, threat hunting, and vulnerability observability.